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Claim Objections 



1. Claims 1-36 are objected to because of the following informalities: in claim 2-36 
the term "a method" should be -the method-; in claim 1 , line 6-7 the term "a 
predetermined criterion" should be -the predetermined criterion-; in claim 37-38 the 
term "a predetermined criterion" should be -the predetermined criterion. Appropriate 
correction is required. 



Specification 

2. The disclosure is objected to because of the following informalities: the applicant 

fails to include a brief summary of the invention subsection, as well as a subtitle of the 

summary subsection. Appropriate correction is required. 

The following guidelines illustrate the preferred layout for the specification of a 
utility application. These guidelines are suggested for the applicant's use. 

Arrangement of the Specification 

As provided in 37 CFR 1 .77(b), the specification of a utility application should 
include the following sections in order. Each of the lettered items should appear in 
upper case, without underlining or bold type, as a section heading. If no text follows the 
section heading, the phrase "Not Applicable" should follow the section heading: 

(a) TITLE OF THE INVENTION. 

(b) CROSS-REFERENCE TO RELATED APPLICATIONS. 

(c) STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR 

DEVELOPMENT. 

(d) THE NAMES OF THE PARTIES TO A JOINT RESEARCH AGREEMENT. 

(e) INCORPORATION-BY-REFERENCE OF MATERIAL SUBMITTED ON A 

COMPACT DISC. 

(f) BACKGROUND OF THE INVENTION. 

(1) Field of the Invention. 
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(2) Description of Related Art including information disclosed under 37 
CFR 1.97 and 1.98. 

(g) BRIEF SUMMARY OF THE INVENTION. 

(h) BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S). 

(i) DETAILED DESCRIPTION OF THE INVENTION. 

(j) CLAIM OR CLAIMS (commencing on a separate sheet). 

(k) ABSTRACT OF THE DISCLOSURE (commencing on a separate sheet). 

(I) SEQUENCE LISTING (See MPEP § 2424 and 37 CFR 1 .821-1 .825. A 
"Sequence Listing" is required on paper if the application discloses a 
nucleotide or amino acid sequence as defined in 37 CFR 1.821(a) and if 
the required "Sequence Listing" is not submitted as an electronic 
document on compact disc). 



Claim Rejections - 35 USC §112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 1 1 2: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 9, 19-28 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. In claims 19-28 the phrase "the executable meets a 
second predetermined criterion" is unclear, as it cannot be ascertained because the 
specification fails to disclose what second predetermined criterion the claimed invention 
is referring to. 

Claim 9 the phrase "determine whether the executable is recent" is unclear 
because the bounds of patent protection are not clearly defined as the applicant failed 
to disclose in the specification to what respect the executable is "recent." Therefore for 
the sake of prosecution the term "recent" as claimed in the invention will be regarded as 
meaning "modified." 
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Claim Rejections - 35 USC § 101 



5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

6. Claims 1-38 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

Independent claims 1, 37-38 are drawn towards a method for providing 
computer security comprising, providing an executable associated with a static state, 
determining whether the executable meets a predetermined criterion, and associating a 
risk level with the criterion, if it is determined that the executable meets a predetermined 
criterion, wherein determining whether the executable meets a predetermined criterion 
does not compare the executable with a virus signature. In order for a method claim to 
be statutory, it must result in useful, tangible and concrete result. In this instance there 
is no result of the claimed invention. The mere act of determining whether the 
executable meets a predetermined criterion does not compare the executable with a 
virus signature does not cause any action resulting in a tangible output result. Therefore 
the claim invention as claimed does not meet the statutory requirement of tangible result 
of 35 U.S.C 101. 

Claims 2-36, which are dependent upon claim 1 do not add any tangible output 
result to the claimed invention as thus are rejected for the same reason. 
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Independent claims 37-38, are drawn towards a method for providing computer 
security comprising, providing an executable associated with a static state, determining 
whether the executable meets a predetermined criterion, and associating a risk level 
with the criterion, if it is determined that the executable meets a predetermined criterion, 
wherein determining whether the executable meets a predetermined criterion does not 
compare the executable with a virus signature. The claims as written would reasonably 
be interpreted by one ordinary skill in the art as software or computer program product 
per se, which lacks support of a physical medium such as a computer. As such that, 
they are unable to produce concrete and tangible output result output result. 

Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

8. Claims 1-6, 18, 22-24, 37-38 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Schultz et al. (US 2003/0065926 A1). 

Regarding claim 1 and 37-38, Schultz discloses a method for providing 
computer security comprising, providing an executable associated with a static state 
(para. 0021, lines 1-3); determining whether the executable meets a predetermined 
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criterion (para. 0022, lines 3-9); associating a risk level with the criterion, if it is 
determined that the executable meets the predetermined criterion (para. 0038, lines 4- 
10); wherein determining whether the executable meets a predetermined criterion does 
not compare the executable with a virus signature (para. 0042, lines 9-14). 

Regarding claim 2, Schultz discloses the method for providing computer 
security, wherein the risk level indicates a level of potential risk that will be brought by 
operating the executable (para. 0038, lines 3-6). 

Regarding claim 3, Schultz discloses the method for providing computer 
security, wherein the risk level indicates how much risk the executable presents (para. 
0099, lines 1-15; para. 0100, lines 1-3). 

Regarding claim 3 Schultz discloses the method for providing computer security, 
wherein the risk level indicates a level of potential risk 

Regarding claim 4 and 22, Schultz discloses the method for providing computer 
security, wherein the predetermined criterion includes a configuration criterion (para. 
0036, lines 11-14; para. 0119, lines 8-18). 

Regarding claim 5, Schultz discloses the method for providing computer 
security, wherein the predetermined criterion is used to determine whether the 
executable is configured as a service (para. 0103, lines 3-4). 

Regarding claim 6, 23, 24, Schultz discloses the method for providing computer 
security, wherein the predetermined criterion is used to determine whether the 
executable is configured to run under a high privileged account (para. 0040, lines 4-8). 
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Regarding claim 18, Schultz discloses the method for providing computer 
security comprising associating with the executable a risk type indicating a type of risk 
to which the executable is vulnerable (para. 0038, lines 4-8; para. 0099, lines 4-12). 

Claim Rejections - 35 USC § 103 

1 0. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

11. Claims 7-8, 10, 12-17, 19-21,26-34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Schultz et al. (US 2003/0065926 A1 ) in view of Tajalli et al. (US 
2004/0143749 A1). 

Regarding claim 7, Schultz discloses all the limitation of claim 7 as disclosed 
above in claim 1 , except for wherein the predetermined criterion is used to determine 
whether the executable is installed via a standard procedure. The general concept of 
whether the executable is installed via standard procedure is well known in the art as 
illustrated by Tajalli, which discloses controlling access to system resources by each 
process bases on a behavior control description for the process set to which it belongs 
(para. 0020, lines 5-7). Therefore it would have been obvious for one of ordinary skill in 
the art at the time of the invention to modify Schultz to in clued the use of a 
predetermined criterion to determine if the executable has not properly installed in order 
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to prevent malicious code execution on a computer system, as well as to controlling 
access over malicious code. 

Regarding claim 8, 27, Schultz discloses all the limitation of claims 8 and 27 
except, the method for providing computer security, wherein the predetermined criterion 
is used to determine whether the executable has sufficient access control. The general 
concept of determining if the executable having sufficient access control is well known 
in the art as illustrated by Tajalli, which discloses access control engine to monitor 
access and use of critical system resources, in addition the IDS watches applications 
request and resources used, looking for request or uses that depart from acceptable 
use and behavior (para. 0081, lines 1-11; para. 0161, lines 12-14; para. 0175, lines 5- 
6). Therefore it would have been obvious for one of ordinary skill in the art at the time of 
the invention to modify Schultz to include the use of determining sufficient access 
control in order to control access rights to system resources. 

Regarding claim 10, Schultz discloses all the limitation of claim 10, except the 
method of providing computer security, wherein the predetermined criterion is used to 
determine whether the executable is signed. The general concept of determining if the 
executable is signed is well known in the art as illustrated by Tajalli, which disclose that 
the IDS will check for encryption within the executable (para. 0161 , lines 12-14; para. 
01 69, line 1 ). Therefore it would have been obvious for one of ordinary skill in the art at 
the time of the invention to modify Schultz to include the use of determining if the 
executable is signed in order to determine the origin of the executable, as public key 
cryptography bind the signer to the key. 
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Regarding claim 12, 26, Schultz discloses all the limitation of claim 12 and 26 
except providing compute security wherein, the predetermined criterion includes a 
capability criterion. The general concept of the predetermined criterion includes a 
capability criterion is well known in the art as illustrated by Tajalli, which discloses the 
predetermined criterion include capability (para. 0055, lines 1-2; para. 0175, lines 5-6). 
Therefore it would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Schultz to include the use of a capability criterion in order to protect 
the system against attack. 

Regarding claim 13, 28, Schultz discloses all the limitation of claim 13 and 28 
except the method for providing computer security wherein the predetermined criterion 
is used to determine whether the executable has networking capability. The general 
concept of determining if the executable have network capability is well known in the art 
as disclosed by Tajalli, which discloses network protection against malicious codes 
(para. 0244, lines 1; 0251, lines 2-9; para. 0175, lines 5-6). Therefore it would have 
been obvious for one of ordinary skill in the art at the time of the invention to modify 
Schultz to include the use of determining if malicious code has network capability in 
order to protect the network against malicious codes that may cause damage to 
network. 

Regarding claim 14, Schultz discloses all the limitation of claim 14 except, the 
method for providing computer security, wherein the predetermined criterion is used to 
monitor whether the executable has privilege manipulation capability. The general 
concept of determining whether the executable has privilege manipulation capability is 
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well known in the art as illustrated by Tajalli, which discloses that the IDS would define 
modifying or manipulating registry keys as inappropriate behavior that would be blocked 
(para. 0050, lines 1-8). Therefore it would have been obvious for one of ordinary skill in 
the art at the time of the invention to modify Schultz to include the use of determining if 
executable has privilege manipulation capability in order to protect the system against 
malicious codes that may want to modify system registries. 

Regarding claim 15, Schultz discloses all the limitation of claim 15 except, the 
method for providing computer security, wherein the predetermined criterion is used to 
determine whether the executable has remote process capability. The general concept 
Of determining if the executable has remote process capability is well known in the art 
as illustrated by Tajalli, which discloses the IDS is configured to control network 
services to include remote connection (para. 0236, lines 1-3; para. 0239, line 1). 
Therefore it would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Schultz to include the use of determining if malicious code has 
remote capability in order to prevent the network from being taking over by hackers that 
may use Trojan Horses to enter the network unchecked. 

Regarding claim 16, Schultz discloses all the limitation of claim 16 except, the 
method for providing computer security, wherein the predetermined criterion is used to 
determine whether the executable has process launching capability. The general 
concept of determining if the malicious code has process launching capability is well 
known in the art as illustrated by Tajalli, which discloses a malicious code initiate HTTP 
connection to other Web servers (para. 0244, lines 1-2; para. 0249, lines 1-2). 
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Therefore it would have been obvious for one ordinary skill in the art at the time of the 
invention to modify Schultz to include the use of determining if the malicious code has 
process launching capability in order to stop malicious code from executing and from 
calling other system resources from the network. 

Regarding claim 17, Schultz discloses all the limitation of claim 17 except, the 
method for providing computer security, wherein the predetermined criterion is used to 
determine whether the executable has secure algorithm. The general concept of 
determining if malicious codes has secure algorithm is well known in the at as illustrated 
by Tajalli, which discloses the IDS controls access to any attributes of files or directories 
including if encryption present for the malicious code (para. 0217, lines 1-2; para. 0222, 
line 1 ). Therefore it would have been obvious for one of ordinary skill in the art at the 
time of the invention to modify Schultz to include the use of determining if the malicious 
code has secure algorithm in order to protect against virus that uses encrypted code to 
hide their payload from virus protection mechanism. 

Regarding claim 19, Schultz discloses all the limitation of claim 18 except, the 
method of providing computer security, wherein the predetermined criterion is a first 
predetermined criterion, and the method further includes determining whether a process 
associated with the executable meets a second predetermined criterion. The general 
concept of determining if the process associated with the executable meet a second 
criterion is well known in the art as illustrated by Tajalli, which discloses a dynamic and 
static criterion to analyze executables (para. 0175, lines 5-6). Therefore it would have 
been obvious for one of ordinary skill in the art at the time of the invention to modify 
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Schultz to include the use of determining is a process associated with the executable 
meets a second criterion in order to provide security to the network systems. 

Regarding claim 20-21, Schultz discloses all the limitation of claim 20 and 21 as 
disclosed above in claim 1 except, the method wherein the predetermined criterion is a 
first predetermined criterion, and the method further includes determining whether a 
process that is running instance of the executable meet a second criterion. The general 
concept of determining whether a process that is running instance of the executable 
meet a second criterion is well known in the art as illustrated by Tajalli, which discloses 
protecting a system from unauthorized use, decomposing processes running and 
identifying the processes attributes (see abstract, lines 1-6; para. 0020, lines 1-4; para. 
0175, lines 5-6). Therefore it would have been obvious for one of ordinary skill in the art 
at the time of the invention to modify Schultz to include the use of decomposing running 
processes and identifying the processes attributes in order to provide security to the 
system while process are running. 

Regarding claim 29-31, Schultz discloses all the limitation of claim 29-31 as 
disclosed above except, the method for providing computer security, comprising 
analyzing historical evidence; the historical evidence include a record of activities and 
log file. The general concept of analyzing historical evidence is well known in the art as 
illustrated by Tajalli, which discloses the use of historical evidence (para. 0091 , lines 1- 
7; para 0097, line 1 ). Therefore it would have been obvious for one of ordinary skill in 
the art at the time of the invention to modify Schultz to include the use of analyzing 
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historical evidence, record activities and log file in order to assign processes into their 
proper category, thus that new policy may be implemented more effectively. 

Regarding claim 32, Schultz and Tajalli discloses all the limitation of claim 32 as 
disclosed above except, the method for providing computer security, wherein the 
historical evidence includes a system optimization file. The general concept of the 
historical includes a system optimization file is well known in the art by Tajalli, which 
disclose a communication module to retrieve configuration or log data and returns them, 
in addition the communication module can retrieve data from disk or from the engine, 
and request alert when unusual event occur (para 0090, lines 3-8). System optimization 
file or swap files resides on disk. Therefore it would have been obvious for one of 
ordinary skill in that art at the time of the invention to modify Schultz to include the use 
of swap file in order to obtain information that are relevant to build system policy. 

Regarding claim 33-34, Schultz discloses all the limitation of claim 33 and 34 as 
disclosed above except the method for providing computer security, wherein historical 
evidence includes a crash dump. The general concept of the historical evidence 
includes a crash dump is well known in the art as illustrated by Tajalli, which discloses a 
communication module that monitors local log files, transfers log data to a management 
infrastructure and request alerts when unusual events occur (para. 0090, lines 3-8). 
Therefore it would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Schultz to include the use a crash dump file and prefetch file in order 
to gather information when system failure occur. 



Application/Control Number: 10/782,396 
Art Unit: 2109 



Page 14 



12. Claim 25 is rejected under 35 U.S.C. 103(a) as being unpatentable over Schultz 
et al: (US 2003/0065926 A1 ) in view of Khazan et al. (US 2005/01 08562 A1 ). 

Regarding claim 25 is Schultz discloses all the limitation of claim 25 is disclosed 
above except, wherein the second predetermined criterion is used to determine whether 
the process loads a dynamic library during its operation. The general concept of 
determining whether the process loads a dynamic library during its operation is well 
known in the art as illustrated by Khazan, which discloses an analyzer determining if 
whether the process loads a dynamic library during its operation (para 0062, lines 3-1 1 ). 
Therefore it would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Schultz to include the use of determining whether the process loads 
dynamic library during its operation in order to analyze the executable in its libraries, 
thus that effective protection can be provided to the system. 

13. Claims 9, 11, 35-36 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Schultz et al. (US 2003/0065926 A1) in view of Khazan et al. (US 2005/0108562 
A1). 

Regarding claim 9, and 1 1 , Schultz discloses all the limitation of claim 9 and 1 1 
except the method of providing computer security, wherein the predetermined criterion 
is used to determine whether the executable is recent and determine whether the 
executable has a modified date different from the created date. The general concept of 
determining whether the executable is recent and determining whether the executable 
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has a modified date different from the created date is well known in the art as illustrated 
by Khazan, which discloses analyzing the executable when modification take place 
(para. 0107, lines 1-4; para. 01 15, lines 1-19). Therefore it would have been obvious for 
one of ordinary skill in the art at the time of the invention to modify Schultz to include the 
use of Khazan in order to verify whether modification has taken place within the 
executable. 

Regarding claim 35-36, Schultz discloses all the limitation of claim 35 except, 
the method for providing computer security, comprising performing a dynamic risk 
analysis, and determining whether an action is required. The general concept of 
performing dynamic analysis and determining whether an action is required is well 
known in the art as illustrated by Khazan, which discloses static and dynamic analyzer 
(para. 0040, lines 12-13, and whether an action is required (para. 0099, lines 7-11, lines 
21-26). Therefore it would have been obvious for one of ordinary skill in the art at the 
time of the invention to modify Schultz to include the use of dynamic analyzer to 
determine whether an action is required in order to protect compute systems against 
malicious codes. 

Conclusion 

14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Esteve Mede whose telephone number is 571-270- 
1594. The examiner can normally be reached on Monday thru Friday, 8:30-5:00 PM, 
EST. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Frantz Jules can be reached on 571-272-6681 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Esteve Mede 
EM 

March 12, 2007 FRANTZ JULES 
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